Ransomware Group Uses Harassment Tactics to Secure Payments

Victims receive numerous threatening phone calls.


 

A newly identified ransomware group named Volcano Demon is using aggressive tactics to compel victims to pay ransoms. Halcyon, an anti-ransomware firm, recently reported that this group has targeted several organisations in recent weeks with a new encryption tool called LukaLocker.

Attack Strategy

Volcano Demon’s attack method is both simple and effective. Initially, the hackers infiltrate the target’s network, mapping it out and stealing as many sensitive files as they can. Following this, they deploy LukaLocker to encrypt files and entire systems. The victims are then instructed to pay a ransom in cryptocurrency to receive the decryption key and prevent the stolen data from being leaked.

Technical Details of LukaLocker

LukaLocker works by adding a .nba extension to encrypted files and is capable of operating on both Windows and Linux systems. The encryptor is proficient at hiding its tracks by erasing logs before exploitation, making it difficult for cybersecurity experts to perform a full forensic analysis. Furthermore, LukaLocker can disable processes linked to most major antivirus and anti-malware solutions, making recovery efforts even more challenging.

Unlike typical ransomware groups that maintain dedicated data leak sites, Volcano Demon employs a more direct and intimidating approach. They contact the leadership of the victimised companies via phone calls from unidentified numbers to negotiate ransom payments. These calls are often threatening in nature, adding psychological pressure to the already stressful situation of a ransomware attack.

Impact on Businesses

The harassment tactic used by Volcano Demon increases the urgency and stress for affected businesses. The inability to conduct thorough forensic investigations due to LukaLocker’s log-clearing capabilities leaves victims vulnerable and with limited recovery options.

Businesses must enhance their cybersecurity measures to reduce the risk of such attacks. Implementing comprehensive logging and monitoring solutions, maintaining regular backups, and educating employees about common infiltration methods like phishing are critical steps. Additionally, organisations should ensure their antivirus and anti-malware solutions are robust and regularly updated to counteract disabling mechanisms like those employed by LukaLocker.
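One way to act on the monitoring advice above, as an added example that is not from the original article or from Halcyon's report: a burst detector for files gaining the .nba extension. The event format, host names, paths, threshold and window are constructed assumptions, and events are assumed to reach a central collector in time order, since the article notes that LukaLocker erases logs.

```python
from collections import defaultdict, deque
from datetime import datetime, timedelta

EXT = ".nba"  # extension the article says LukaLocker appends to encrypted files

# Constructed sample events (not real telemetry): "timestamp host action path"
SAMPLE_EVENTS = """\
2024-07-01T10:00:00 ws07 create /home/amy/notes.txt
2024-07-01T10:00:05 fs01 rename /srv/share/q1.xlsx.nba
2024-07-01T10:00:09 fs01 rename /srv/share/q2.xlsx.nba
2024-07-01T10:00:14 ws07 create /home/amy/highlights.nba
2024-07-01T10:00:20 fs01 rename /srv/share/hr/payroll.csv.nba
2024-07-01T10:00:31 fs01 rename /srv/share/hr/staff list.docx.nba
2024-07-01T10:00:44 fs01 rename /srv/share/db/backup.sql.nba
2024-07-01T10:00:50 fs01 rename /srv/share/db/old.sql.nba
"""


def parse(line):
    """Split one event line; the path is last so it may contain spaces."""
    ts, host, action, path = line.split(maxsplit=3)
    return datetime.fromisoformat(ts), host, action, path


def detect_bursts(lines, threshold=5, window=timedelta(seconds=60)):
    """Return {host: time of first alert} for hosts where at least
    `threshold` files gained EXT within `window` (assumed values)."""
    recent = defaultdict(deque)  # host -> timestamps of recent EXT events
    alerts = {}
    for line in lines:
        if not line.strip():
            continue
        ts, host, action, path = parse(line)
        if action not in ("rename", "create") or not path.lower().endswith(EXT):
            continue
        q = recent[host]
        q.append(ts)
        while ts - q[0] > window:  # drop events that fell out of the window
            q.popleft()
        if len(q) >= threshold and host not in alerts:
            alerts[host] = ts
    return alerts


if __name__ == "__main__":
    for host, when in detect_bursts(SAMPLE_EVENTS.splitlines()).items():
        print(f"ALERT {host}: burst of {EXT} files by {when.isoformat()}")
```

A single file ending in .nba, as on the constructed host ws07, does not trigger an alert; only a burst on one host does.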

Volcano Demon’s innovative approach to ransomware, characterised by harassing phone calls and sophisticated encryption methods, underscores the developing nature of cyber threats. As cybercriminals develop new strategies to exploit vulnerabilities, it is essential for businesses to remain vigilant and proactive in their cybersecurity efforts to protect sensitive data and ensure operational continuity.



